<?php  
	include("../includes/connect_db.php");
	include("../includes/core.php");

	$id 				 = $_POST['id'];
	$nama 			 = $_POST['nama'];
	$idtipe_user = $_POST['idtipe_user'];
	$username 	 = strtolower($_POST['username']);
	$password 	 = md5($_POST['password']);
	$email 			 = $_POST['email'];
	$telepon 		 = $_POST['telepon'];
	$act 				 = $_POST['act'];

	$current_pass 	 = md5($_POST['currentPass']);
	$new_password 	 = md5($_POST['newPass']);

	if (!isset($_SESSION['idUser'])) {
		$iduser = 0;
	} else {
		$iduser = $_SESSION['idUser'];
	}

	switch ($act) {
		case '1':
			# INSERT
			$sql_insert_user = "INSERT INTO user (nama, idtipe_user, username, password, email, telepon, iduser) VALUES ('$nama', '$idtipe_user', '$username', '$password', '$email', '$telepon', '$iduser')";
			if ($query_insert_user = mysql_query($sql_insert_user)) {
				echo "sukses";
			} else {
				echo mysql_error();
			}
			
			break;
		
		case '2':
			$sql_update_user = "UPDATE user SET nama = '$nama', idtipe_user = '$idtipe_user', username = '$username', password = '$password', email = '$email', telepon = '$telepon', iduser = '$iduser' WHERE id = '$id'";
			if ($query_update_user = mysql_query($sql_update_user)) {
				echo "sukses";
			} else {
				echo mysql_error();
			}
			break;

		case '3':
			# DELETE
			break;

		case '4':
			# USER AVAILABYLITY
			$sql_user = "SELECT * FROM user WHERE username = '$username' AND id <> '$id'";
			$query_user = mysql_query($sql_user);
			if (mysql_num_rows($query_user) > 0) {
				echo "1";
			} else {
				echo "0";
			}
			break;

		case '5':
			# CURRENT PASSWORD CHECK
			$sql_get_current = "SELECT password FROM user WHERE id = '$id'";
			$query_get_current = mysql_query($sql_get_current);
			$baris_get_current = mysql_fetch_array($query_get_current);
			if ($baris_get_current[password] != $current_pass) {
				echo "1";
			}else{
				echo "0";
			}
			break;
	}
?>